Splunk Search

Community Activity

Replace and add digit Hello, I have the following situation - in the original files I have the following information in the field:ServerNam... by jugarugabi Path Finder in Splunk Search 02-04-2021 0 2	0	2
Speeding up a Search against lookup table searching large index Have a small lookup table with 135 dest_ip and a search that is searching that lookup table against a 40 TB index (... by okretzer Engager in Splunk Search 02-04-2021 0 3	0	3
Combine Multiple Fields Hello, I'm relatively new to Splunk. I have multiple fields with different naming schemes that have different or ide... by JaysonD123 Explorer in Splunk Search 02-04-2021 1 1	1	1
Using result of one search for another Hi all! I am relatively new to splunk and I am trying to use the results of one search for another search,So...index=... by splunk_new1 Explorer in Splunk Search 02-04-2021 0 3	0	3
Search Marcro - Sending Results to Macro Variable. Hi, I'm having the hardest time trying to figure out how to pass an event field into a variable argument to be used i... by chrisboy68 Contributor in Splunk Search 02-04-2021 0 3	0	3
Percentage calculation by timechart We have a request to get values from particular field based on % of bin count. (1) index=ABC \| timechart span=1d cou... by vikram_m Path Finder in Splunk Search 02-04-2021 1 7	1	7
Match Substring in Multivalue field and return only the matched substring values ReconnectedTimeReconnectedDetails2021-02-02T16:46:19.0002021-02-02T08:54:48.000\|viceusr\|0xA310B\|BEK-329999910922\|11.1... by vn_g Path Finder in Splunk Search 02-04-2021 0 3	0	3
Extract value from field Hello everyone,I have multiple fields and i want to extract an ID from it. (That's the only value that changes in it)... by CesarCrt Path Finder in Splunk Search 02-04-2021 0 5	0	5
How to tell if event is within X seconds (both forwards/backwards) of another event Using 'delta' I am able to figure this out, but in one time direction. Now I need the other time direction.In the cu... by duckware Explorer in Splunk Search 02-04-2021 0 2	0	2
Pass field into a subsearch from stats command Hi, i have datanamebinarykeynumberSteve110012345Steve10013246Steve 12347Charles 23456 I am trying to count the whethe... by ssaenger Communicator in Splunk Search 02-04-2021 0 14	0	14
Multiple Stats Multiple Indexes I have 3 data sets that I need to combine with 1 data set not having a field to perform a compare. I initially start... by willadams Contributor in Splunk Search 02-03-2021 0 6	0	6
Any idea why eval doesn't assign value Query example: index=eks sourcetype="kube:container" message=log \| fields data.user_agent \| rex field=data.user_age... by Ruslan Engager in Splunk Search 02-03-2021 0 2	0	2
how to convert date field to days i have a date field like this 2021-01-29 00:25:58.913024+00 i want to convert this just date as days field using now(... by vikram1583 Explorer in Splunk Search 02-03-2021 0 6	0	6
Is there a way to pass results of a subsearch to be used in the display and criteria of a parent search? I've Googled it, but can't find a SOLUTION. I've got a search that pulls Validators remaining per Subject. I want t... by djm229 Engager in Splunk Search 02-03-2021 0 1	0	1
How to compare multivalue field with previous and next event value of _time field ? Each multi-value field (FiledName: R_time ) which has time value in epoch format should be compared to it previous ev... by vn_g Path Finder in Splunk Search 02-03-2021 0 10	0	10
ldapsearch through map command is blanking out the rest of my table except for it's own output 1st search works (I get all fields in my table including GUID): earliest=-1y index=azuread sourcetype="ms:aad:audit" ... by fdevera Path Finder in Splunk Search 02-03-2021 0 0	0	0
Using Multiple Text Box Input For Searching I have a dashboard built that views today's events for processes running on systems. To focus on a single event, I h... by rkeq0515 Path Finder in Splunk Search 02-03-2021 0 3	0	3
When no events logged on the 1st of the month add log from the last day they were received The following search gives me a table that contains the number of lines of code on the first of each month and calcul... by dfraseman Explorer in Splunk Search 02-03-2021 0 5	0	5
How to see number of hits on a specific destination IP Hi All, How can I see number of hits on a specific destination IP by using the search and reporting tab ? Regards by umairnajib New Member in Splunk Search 02-03-2021 0 1	0	1
I want to freeze (or to block) a row in a Splunk Table Hi all,I am struggling with an issue about Splunk Developing. Our target is to freeze a row. Every time that anyone c... by LGP New Member in Splunk Search 02-03-2021 0 1	0	1
Require help to create query for table Hi All,I have the below types of logs in in two different hosts in my index:HOST= abclog1: Tue Feb 2 19:07:26 EST 202... by Mrig342 Contributor in Splunk Search 02-03-2021 0 9	0	9
Help with join - Periodically it fails to join a small percentage of records I have a query to find missing forwarders. It is based on code I received here and it is so very close to working. ... by jmo1 Path Finder in Splunk Search 02-03-2021 0 0	0	0
rest jobs runDuration inaccurate values Hi All... As i am trying to find out the the long running search queries using this rest search, its working fine, bu... by inventsekar SplunkTrust in Splunk Search 02-03-2021 0 2	0	2
Find Multiple Users With The Same Unknown Email Subject Scenario: I have 10 machines infected with malware. The believed infection source is email, I am attempting to create... by pcyr Engager in Splunk Search 02-03-2021 0 3	0	3
excluding a search result Hello Splunkers ! i have a problem here, that we're running an infra structure change and for that im getting duplica... by moayadalghamdi Path Finder in Splunk Search 02-03-2021 0 2	0	2